Pantheon

Protecting the WordPress login page through Basic Authentication

Take steps to prevent brute-force attacks on the WordPress admin login page. Basic Authentication adds an additional layer of site security and cuts down on excess traffic: HTTP requests for the page must supply a username and a password.

Add Basic Authentication via .htaccess

This applies to sites that use Apache as the web server; it will not work on hosts that use Nginx. There are two simple steps:

Create a .htpasswd file, then upload it to your webroot folder; this is usually the folder where “.htaccess” resides.

Add these lines to your .htaccess file:

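<Files wp-login.php>
# AuthUserFile takes a filesystem path, not a URL path; replace this
# placeholder with the absolute path of the .htpasswd file you uploaded.
AuthUserFile /absolute/path/to/webroot/.htpasswd
AuthName "Security Lock"
AuthType Basic
require valid-user
</Files>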

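Add Basic Authentication in the wp-config.php file

Customers sometimes don’t have access to the server configuration, so PHP is the fallback method.

// Require HTTP Basic Authentication before wp-login.php is served.
if ( isset( $_SERVER['REQUEST_URI'] ) && preg_match( '/wp-login\.php/', $_SERVER['REQUEST_URI'] ) ) {
    $user = isset( $_SERVER['PHP_AUTH_USER'] ) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset( $_SERVER['PHP_AUTH_PW'] ) ? $_SERVER['PHP_AUTH_PW'] : '';
    // Reject unless BOTH values match (the check must be OR, not AND);
    // hash_equals() compares the strings in constant time.
    if ( ! hash_equals( 'yourusername', $user ) || ! hash_equals( 'yourpassword', $pass ) ) {
        header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
        header( 'WWW-Authenticate: Basic realm="Security Lock"' );
        header( 'HTTP/1.0 401 Unauthorized' );
        exit();
    }
}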
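
One way to check that the protection is doing its job, as an added example that is not part of the original post: a shell function that counts 401 responses for wp-login.php per client IP in a web server access log. It assumes the common "combined" log format, and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): list client IPs that keep
# receiving 401 on wp-login.php, i.e. requests rejected by Basic Authentication.
# Assumption: "combined" access log format, so after whitespace splitting
# field 1 = client IP, field 7 = request path, field 9 = status code.

# Constructed sample log lines using documentation IP ranges.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "-"
192.0.2.10 - admin [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "-"
192.0.2.10 - admin [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "-"
192.0.2.10 - root [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 401 381 "-" "-"
198.51.100.7 - editor [10/Mar/2024:10:05:09 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "-"
203.0.113.5 - - [10/Mar/2024:10:07:00 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 401 381 "-" "-"
203.0.113.5 - - [10/Mar/2024:10:07:30 +0000] "GET /wp-login.php HTTP/1.1" 401 381 "-" "-"
203.0.113.5 - - [10/Mar/2024:10:08:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"
EOF
}

# rejected_login_sources MIN: read a log on stdin and print "IP COUNT" for each
# IP with at least MIN 401 responses on wp-login.php, sorted by IP.
# A single 401 is normal: a browser's first request is always challenged.
rejected_login_sources() {
    awk -v min="$1" '
        ($7 == "/wp-login.php" || index($7, "/wp-login.php?") == 1) && $9 == 401 {
            hits[$1]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print ip, hits[ip]
        }
    ' | sort
}

sample_log | rejected_login_sources 3
```
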

Skipping WordPress Background Updates

What is Site Health?

Site Health is a WordPress admin interface designed to assist end-users in self-servicing their sites by addressing typical setup difficulties and other aspects of maintaining a healthy online presence. It also gives developers a consistent place to store debugging information.

SiteHealth Dashboard

Why the need to skip background updates?

Some hosts, especially Pantheon.io, handle core updates by applying upstream updates, and it is increasingly common for sites to be kept under version control with Git. Site owners don’t want to ignore Site Health the whole time and miss out on potential problems.

Code snippet to skip the update

Create a file named sitehealth.php, put it in wp-content/mu-plugins, and add these lines of code.

<?php
/**
 * Plugin Name: Sitehealth 
 * Plugin URI: https://github.com/careydayrit/
 * Description: Skip core update on sites using Git
 * Version: 0.1
 * Author: Carey Dayrit
 * Author URI: https://careydayrit.com/
 *
 * @package sitehealth
 */
 
add_filter('site_status_tests', 'skip_background_updates_tests', 10, 1 );


function skip_background_updates_tests($tests){
    unset($tests['async']['background_updates']);
    return $tests;
}

Team Management through Pantheon Terminus

Required Reading: https://pantheon.io/docs/terminus

What is Terminus?

The Terminus command-line interface provides advanced interaction with Pantheon. Terminus enables you to do almost everything in a terminal that you can do in the Dashboard, and much more. This article lists several Terminus 2 commands that can be used to manage a site’s team. First things first: for every Terminus command, we need to know how to identify the site we want to manage.

Getting the Site ID

The site ID is an identifier used for routing and by the Pantheon platform to identify the site’s dashboard. To get the site_id, log in to Pantheon and pick the correct site to open its dashboard.

URL of Pantheon Site Dashboard

Getting the Site Name

The site name is a machine name, a readable name that is also used to identify a site in Pantheon. The site name is used mostly with the platform URL.

List all team members

terminus site:team:list 

Displays the list of team members for a site. 

site:team:list [--format FORMAT] [--fields FIELDS] [--field FIELD] [--] <site_id> or <site_name>

The command accepts the <site_name> or the <site_id> of the Pantheon site.

The --field and --fields options are mostly the same; the difference is that --field takes a single field while --fields takes a group of fields separated by commas (,). The available fields are:

  • email: Email
  • role: Role
  • id: User ID
  • is_owner: Is owner?

The available formats are listed below; without the --format option, the default is a table.

  • csv
  • json
  • list
  • null
  • php
  • print-r
  • sections
  • string
  • table
  • tsv
  • var_export
  • xml
  • yaml

Add a member

terminus site:team:add

Add a user to the site’s team list.

site:team:add <site_id/site_name> <member> <role>

The member argument should be an email address. If the email is not associated with a Pantheon account, an invite will be sent.

The role has two choices:

  • developer
  • team_member

Change member role

terminus site:team:role

Update a member role on the site’s team.

site:team:role <site_id/site_name> <member> <role>

This command has the same arguments as the add member command, but it only changes the role of a user on the site’s team.

Remove a member

terminus site:team:remove

site:team:remove <site_id/site_name> <member>

Removes a member from the site’s team.
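
The list and remove commands combine naturally into a periodic access review. The script below is an added example, not part of the original article: it reads the CSV produced by site:team:list and prints, without running them, the site:team:remove commands for members outside an approved e-mail domain. The header row, column order, sample addresses and the site name my-site are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): access review of a site's team.
# Feed it the output of
#   terminus site:team:list --format=csv --fields=email,role <site_name>
# Assumptions: the first CSV line is a header row, the columns come back in
# the order email,role, and values are not quoted.

# Constructed sample output; the addresses are placeholders.
sample_team_csv() {
cat <<'EOF'
Email,Role
alice@example.com,team_member
bob@example.com,developer
contractor@example.net,developer
EOF
}

# external_members DOMAIN: print "email role" for every member whose address
# does not end in @DOMAIN (case-insensitive).
external_members() {
    awk -F, -v dom="$1" '
        NR == 1 { next }                      # skip the header row
        NF < 2  { next }                      # skip blank or malformed rows
        {
            email  = tolower($1)
            suffix = "@" tolower(dom)
            start  = length(email) - length(suffix) + 1
            if (start < 1 || substr(email, start) != suffix) print $1, $2
        }
    '
}

# removal_plan SITE DOMAIN: print (do not run) one site:team:remove command
# per external member so the list can be reviewed first.
removal_plan() {
    external_members "$2" | while read -r email role; do
        printf 'terminus site:team:remove %s %s\n' "$1" "$email"
    done
}

# "my-site" is a hypothetical site name.
sample_team_csv | removal_plan my-site example.com
```
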

Filezilla on Pantheon

FileZilla is an FTP client that allows you to upload and import files to and from the Pantheon server. This app allows you to copy several files at the same time. It is cross-platform software that is available on Windows, Mac OS, and Linux.

This article will walk you through the steps of downloading and uploading your WordPress or Drupal site on Pantheon.

Download Filezilla

If you don’t already have FileZilla installed, grab the most recent update and install it on your computer.

Start Filezilla

Start FileZilla by looking for the application in the Start menu or search bar on Windows, in the Applications folder on Mac OS, or by searching for it on Ubuntu. Keep in mind that Pantheon uses a non-standard port for SFTP, and the protocol must be SFTP rather than FTP.

Create a New Site

Click the Site Manager icon, which is the icon under the File menu.

This opens the Site Manager window, which allows a new connection to be created in FileZilla.

Click the New Site button and enter the details from the Connection Info on the Pantheon Site Dashboard. Use the password that you use on the Pantheon User Dashboard. Make sure the protocol is SFTP and the port is 2222.

Select to accept the server’s host key for the current session so it is stored in the cache. This will allow you to connect to the server and manage your files for the current session.

To get to the site’s root simply navigate to the code folder and you will be able to continue managing your files as normal.

Installing WP Rocket on Pantheon Platform

Some people have a hard time installing WP Rocket on Pantheon because it creates files in a folder that the Pantheon platform write-protects.

The solution is to create a symlink that points to a write-permitted folder, which is the wp-content/uploads folder.

Please note that this step is not recommended with any SFTP app, only on the SFTP command line, since creating symlinks over SFTP behaves inconsistently between clients. The process below was tested using MacBook Pro (Mojave), Ubuntu 18.04.4 LTS, and Windows 10 (Release 1909).

  • Create the folders cache and wp-rocket-config in the wp-content/uploads folder on DEV first (TEST and LIVE come later).
  • Remove the wp-content/cache folder. If there is a wp-content/wp-rocket-config folder, remove it also.
  • Create a symlink via the terminal command line.

Note: Be sure that you are in the wp-content folder.

$ ln -s ./uploads/cache cache
$ ln -s ./uploads/wp-rocket-config wp-rocket-config
  • Commit and push the symlink via git.
  • Create the folders cache and wp-rocket-config in wp-content/uploads for TEST and LIVE.
  • Commit and deploy code to TEST and LIVE.
  • Activate the WP-Rocket plugin and apply the license code.

Hopefully, this will help users install the WP-Rocket Plugin on the Pantheon Platform.

Happy Coding.